Authentication for secure wireless communication

ABSTRACT

A method and apparatus for use in authentication for secure wireless communication is provided. A received signal is physically authenticated and higher layer processed. Physical authentication includes performing hypothesis testing using a channel impulse response (CIR) measurement of the received signal and predetermined referenced data. Higher layer processing includes validating the signal using a one-way hash chain value in the signal. Once a signal is authenticated, secure wireless communication is performed.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of National Stage Application Ser. No. 13/121,190 filed on Dec. 16, 2013 which is a 371 of International Application PCT/US2009/057477 filed on Sep. 18, 2009 which claims the benefit of provisional application 61/098,480 filed on Sep. 19, 2008, the disclosures of which are incorporated herein by reference in their entirety.

TECHNICAL FIELD

This application is related to wireless communications.

BACKGROUND

In typical wireless communications two wireless transmit/receive units (WTRUs), Alice and Bob, communicate with each other on a channel. To exclude an illegitimate entity, Eve, Alice and Bob cryptographically protect their communications. Traditional cryptographic techniques, which rely on computational difficulty, are increasingly ineffective as the availability of computing power increases. In addition, Eve may use spoofing to disrupt legitimate communications in a variety of ways, such as through denial of service or by impersonating a legitimate communicating entity.

Information-theoretically secure cryptographic techniques eliminate the reliance on computational difficulty. For example, Alice and Bob may employ the reciprocity of a wireless channel to extract secret keys. These techniques usually rely on exchanging signals, or probing, the wireless channel, such as in a time division duplex (TDD) manner, to collect correlated information from which common secret bits are obtained. During the probing, it may be difficult for Alice and Bob to be sure that the signals they received originated from a legitimate source. Thus a method and apparatus for providing authentication for secure wireless communication would be advantageous.

SUMMARY

A method and apparatus for use in authentication for secure wireless communication is provided. A received signal is physically authenticated and higher layer processed. Physical authentication includes performing hypothesis testing using a channel impulse response (CIR) measurement of the received signal and predetermined referenced data. Higher layer processing includes validating the signal using a one-way hash chain value in the signal. Once a signal is authenticated, secure wireless communication may be performed.

BRIEF DESCRIPTION OF THE DRAWINGS

A more detailed understanding may be had from the following description, given by way of example in conjunction with the accompanying drawings wherein:

FIG. 1 shows a block diagram of an example of a network for performing authentication for secure wireless communication;

FIG. 2 shows a block diagram of an example of a wireless transmit/receive unit and a base station for performing authentication for secure wireless communication;

FIG. 3 shows a diagram of an example of a method of authentication for secure wireless communication;

FIG. 4 is a flow chart of an example of a method of double-authentication;

FIG. 5 shows a diagram of an example of a method of double-authentication using one-way hash chain based higher layer processing; and

FIG. 6 shows a block diagram of an example of a method of authentication for secure wireless communication with re-authentication.

DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS

When referred to hereafter, the terminology “wireless transmit/receive unit (WTRU)” includes but is not limited to a user equipment (UE), a mobile station, a fixed or mobile subscriber unit, a pager, a cellular telephone, a personal digital assistant (PDA), a computer, or any other type of user device capable of operating in a wireless environment. When referred to hereafter, the terminology “base station” includes but is not limited to a Node-B, a site controller, an access point (AP), or any other type of interfacing device capable of operating in a wireless environment. The terms “WTRU” and “base station” are not mutually exclusive. For example, a WTRU may be an enhanced Home Node-B (H(e)NB).

When referred to hereafter, the term “Alice” includes a WTRU or a base station that is a legitimate communicating entity. When referred to hereafter, the term “Bob” includes a WTRU or a base station that is a legitimate communicating entity. When referred to hereafter, the term “information-theoretically secure” includes but is not limited to perfectly secure, unconditionally secure, and nearly information-theoretically secure. When referred to hereafter, the terms “trust”, “trusted”, and “trustworthy”, as well as variations thereof, indicate a quantifiable and observable manner of assessing whether a unit will function in a particular manner.

FIG. 1 shows a block diagram of an example of a wireless communication network 100 for performing authentication for secure wireless communication. The network 100 includes a first WTRU 110 (Alice), a base station 120 (Bob), and an illegitimate communicating entity 130 (Eve). Alice is in communication with Bob. Eve is attempting to interfere.

Although shown as a WTRU for simplicity, Alice may be a base station, or any other apparatus capable of performing wireless communication. Although shown as a base station for simplicity, Bob may be a WTRU, or any other apparatus capable of performing wireless communication. In addition, it should be apparent that any combination of wireless and wired devices may be included in the wireless communication network 100.

FIG. 2 is a more detailed block diagram of an example of the wireless communication network 100 including Alice, shown as a WTRU 110, and Bob, shown as a base station 120. As shown, Alice and Bob are configured to perform a method of authentication for secure wireless communication.

In addition to the components that may be found in a typical WTRU, the WTRU 110 includes a processor 211 with an optional linked memory 213, at least one transceiver 215, an optional battery 217, and an antenna 219. The processor 211 is configured to perform a method of authentication for secure wireless communication. The transceiver 215 is in communication with the processor 211 and the antenna 219 to facilitate the transmission and reception of wireless communications. In case a battery 217 is used in the WTRU 110, it powers the transceiver 215 and the processor 211.

In addition to the components that may be found in a typical base station, the base station 120 includes a processor 221 with an optional linked memory 223, transceivers 225, and antennas 227. The processor 221 is configured to perform a method of authentication for secure wireless communication. The transceivers 225 are in communication with the processor 221 and antennas 227 to facilitate the transmission and reception of wireless communications.

In a typical rich scattering environment, the radio channel response decorrelates rapidly in space. A physical-layer, channel-based method that combines channel probing (M complex frequency response samples over a bandwidth W) with hypothesis testing may be used to determine whether current and prior communication attempts are made by the same communicating entity. In this way, legitimate entities can be authenticated and illegitimate entities can be detected.

In response to a spoofing attack, the receiver may fail to detect a certain percentage of illegitimate signals, called the miss rate, and accept the spoofed messages as valid. Once an attack is missed, the receiver may generate a certain percentage of false rejections, called the false alarm rate, when the legitimate communicating entity attempts to authenticate. To counteract the non-zero probabilities of false alarm and missed detection, and the possibility of decorrelation due to missed or lost signals, a one-way hash chain, which relies on purely cryptographic properties of hash functions and provides cryptographic protection based on the computational difficulty of inverting a one-way function, F(.), may be combined with the channel-based method.

FIG. 3 is a flow diagram of an example of a method of authentication for secure wireless communication. Alice sends a signal A₁ including a unique identifier, such as a medium access control (MAC) address, to Bob to establish a connection at 310. Bob receives the signal A₁ and uses a double-authentication algorithm, which includes channel-based validation and purely cryptographic validation, to authenticate the signal at 320. Eve attempts a spoofing attack to gain illegitimate access by sending a spoofing signal E₁ including Alice's MAC address to Bob at 330. Bob receives Eve's spoofing signal E₁ and detects Eve's spoofing attack using the double-authentication algorithm at 340. In response to detecting Eve's spoofing attack, Bob performs a security algorithm, for example a system-dependent method, at 350.

FIG. 4 is a flow chart of an example of a method of double-authentication. Bob receives a signal including a unique identifier (MAC address) and generates a channel impulse response (CIR) measurement based on the received signal at 410. Bob examines a reference table to determine whether valid reference CIR data associated with the MAC address exists at 420. If the CIR reference data exists, Bob performs a Fingerprints in the Ether (FP) method at 430. For example, a typical FP method includes the configuration of a storage mechanism for recording the shape of a CIR measurement associated with a particular WTRU, such as via a MAC address. Upon receipt of a signal purporting to have originated from the WTRU, the receiver obtains a CIR measurement for the signal and compares it with the recorded CIR. If the two CIRs match, the signal is interpreted as being authentic.

If the FP method does not detect a possible attack (I(k)=0), or if no CIR reference data exists (I(k)=2), Bob performs higher layer processing, such as MAC layer authentication, at 440. Optionally, the higher layer processing may be nominal, such that I₂(k)=0, or may be omitted. If the CIR reference data is authenticated, it is recorded in the reference table.

A CIR measurement may become stale over time. For example, after a period equal to the channel coherence time has passed, a CIR may completely decorrelate. The use of stale channel data may lead to false alarms. Accordingly, the CIR reference table includes a timer for each CIR record. When the timer reaches the maximum lifetime, N_(T), the CIR record expires and, optionally, is deleted. The maximum lifetime of the CIR record, N_(T), is set such that each CIR record expires within the relevant channel coherence time.

Referring back to FIG. 4, the FP method at 430 uses CIR data and hypothesis testing to differentiate among transmitters and detect spoofing messages. Hypothesis testing includes performing a test statistic function which provides a metric that is compared with a test threshold to produce hypothesis results. A test statistic function, L(H₀, H₁), is calculated to evaluate the difference between the input CIR data, H₁, and the reference CIR data, H₀. The result of the test statistic function is compared with a test threshold, Thre. If H₀ and H₁ are not similar enough, L(H₀, H₁) > Thre and the FP method reports an alarm. Where I(k) indicates the result of the FP method at time k, the FP method may be expressed as:

$\begin{matrix}{{I(k)} = \left\{ {\begin{matrix}{0,} & {{L\left( {{H_{1}(k)},{H_{0}(k)}} \right)} < {Thre}} \\{1,} & {{L\left( {{H_{1}(k)},{H_{0}(k)}} \right)} \geq {Thre}} \\{2,} & {{No}\mspace{14mu} {H_{0}(k)}}\end{matrix}.} \right.} & {{Equation}\mspace{14mu} (1)}\end{matrix}$

The test statistic function approximately represents a generalized likelihood ratio test based on a time-invariant channel model. The channel parameters, such as channel coherence time, may vary significantly over time, and may depend on environment changes. It should be apparent that other functions may be implemented depending on the particular channel model without exceeding the scope of the present application. Table 1 shows several exemplary applications of the test statistic function.

TABLE 1

| No. | Test statistic, L(H₀, H₁) | H₀ & H₁ |
|---|---|---|
| 1 | ‖H₁ − H₀e^{jArg(H₀(k)ᴴH₁)}‖² | CIR vectors obtained at time k − 1 and k |
| 2 | ‖H₁ − H₀e^{jArg(H₀(k)ᴴH₁)}‖² / min(‖H₁‖², ‖H₀‖²) | CIR vectors obtained at time k − 1 and k |
| 3 | ‖H₁ − H₀e^{jArg(H₀(k)ᴴH₁)}‖² | Channel frequency response vectors (Fourier transform of CIR) obtained at time k − 1 and k |
| 4 | ‖H₁ − H₀e^{jArg(H₀(k)ᴴH₁)}‖² / min(‖H₁‖², ‖H₀‖²) | Channel frequency response vectors (Fourier transform of CIR) obtained at time k − 1 and k |
| 5 | ‖H₁ − H₀e^{jArg(H₀(k)ᴴH₁)}‖² | CPP of CIR vectors obtained at time k − 1 and k |
| 6 | Same as L5, except exclusion of power normalization in CPP | |
| 7 | ‖H₁ − H₀‖² | CPP of CIR vectors obtained at time k − 1 and k |
| 8 | ‖H₁ − H₀e^{jArg(H₀(k)ᴴH₁)}‖² | CPP of CIR vectors obtained at time k − 1 and k, followed by a Fourier transform |

As shown in Table 1, the test statistics L1, L3, and L5 process CIR data in the time domain, while their counterparts, L2, L4, and L8, process the channel frequency responses. In addition, L1-L6 and L8 utilize a complex scalar, e^{jArg(H₀ᴴH₁)}, to counteract the phase drifting of the channel response due to changes of the receiver's local oscillator.

A CIR Post-Process (CPP) method may be used to align the channel impulse response in the time domain, where two CIR vectors are shifted in time to increase the overlap in shape. The CPP method may reduce the effect of timing errors in channel estimation, and may reduce the false alarm rate. To support time shifting, the CPP method may optionally include, for example, CIR shape pruning, upsampling, and normalization of power.

The threshold, Thre, may be a pre-assigned threshold. For example, a fixed threshold based on empirical data may be used. Alternatively, an adaptive threshold may be used. To establish an adaptive threshold, Alice sends N_(train) training messages to Bob, so as to teach Bob the range of the test statistics. Bob determines a percentile value of the test statistic as the test threshold. For example, Bob may select a low threshold for a channel that exhibits low time variation in order to balance between the false alarm rate and the miss rate.
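The FP hypothesis test described above, worked through as an added Python example (this is not code from the patent): it implements the Table 1 statistics L1, L2 and L5 on constructed CIR vectors, a toy CPP time alignment, the percentile-based adaptive threshold learned from N_train training probes, and the three-valued decision I(k) of Equation (1). The tap values, the circular-shift search and power normalisation in cpp_align, and the 95th-percentile choice are assumptions.

```python
import cmath
import math
import random

# CIR vectors are lists of complex taps; H0 is the stored reference, H1 the new measurement.

def inner(h0, h1):
    """Hermitian inner product H0^H H1."""
    return sum(a.conjugate() * b for a, b in zip(h0, h1))

def sq_norm(h):
    """||H||^2."""
    return sum(abs(x) ** 2 for x in h)

def phase_align(h0, h1):
    """Multiply H0 by the complex scalar e^{j Arg(H0^H H1)}, cancelling a common
    phase offset caused by receiver local-oscillator drift."""
    rot = cmath.exp(1j * cmath.phase(inner(h0, h1)))
    return [x * rot for x in h0]

def stat_l1(h0, h1):
    """Table 1, row 1: ||H1 - H0 e^{j Arg(H0^H H1)}||^2."""
    h0r = phase_align(h0, h1)
    return sq_norm([b - a for a, b in zip(h0r, h1)])

def stat_l2(h0, h1):
    """Table 1, row 2: L1 normalised by min(||H1||^2, ||H0||^2), which makes the
    statistic insensitive to the absolute received power."""
    return stat_l1(h0, h1) / min(sq_norm(h1), sq_norm(h0))

def cpp_align(h0, h1, max_shift=2):
    """Toy CIR post-process (CPP): circularly shift H0 by up to max_shift taps
    to maximise its overlap |H0^H H1| with H1, then normalise both vectors to
    unit power. The search range and normalisation are assumptions."""
    best_shift, best_overlap = 0, -1.0
    for s in range(-max_shift, max_shift + 1):
        shifted = h0[-s:] + h0[:-s] if s else list(h0)
        overlap = abs(inner(shifted, h1))
        if overlap > best_overlap:
            best_shift, best_overlap = s, overlap
    aligned = h0[-best_shift:] + h0[:-best_shift] if best_shift else list(h0)
    return ([x / math.sqrt(sq_norm(aligned)) for x in aligned],
            [x / math.sqrt(sq_norm(h1)) for x in h1])

def stat_l5(h0, h1):
    """Table 1, row 5: L1 applied to the CPP-aligned, power-normalised vectors."""
    a0, a1 = cpp_align(h0, h1)
    return stat_l1(a0, a1)

def adaptive_threshold(train_stats, percentile=0.95):
    """Thre = a percentile of the statistics seen on N_train training messages
    (the 95th percentile is an assumed choice)."""
    ordered = sorted(train_stats)
    idx = math.ceil(percentile * len(ordered)) - 1
    return ordered[max(0, min(idx, len(ordered) - 1))]

def fp_decision(h1, h0, thre, stat=stat_l2):
    """Equation (1): 0 = accept, 1 = alarm, 2 = no reference CIR for this MAC."""
    if h0 is None:
        return 2
    return 0 if stat(h0, h1) < thre else 1

# Constructed sample CIRs (not measured data).
ALICE_REF = [1.0 + 0.0j, 0.6 - 0.2j, 0.3 + 0.1j, 0.0 + 0.1j, 0.05 + 0.0j]
# Alice's next probe: same multipath shape, rotated by a common phase, plus small noise.
ALICE_NEW = [x * cmath.exp(0.7j) + n for x, n in
             zip(ALICE_REF, [0.02, -0.01j, 0.01, 0.0, 0.01j])]
# Eve transmits from elsewhere, so her channel has a different shape.
EVE = [0.2 + 0.0j, 0.9 + 0.3j, 0.0 - 0.4j, 0.7 + 0.0j, 0.1 + 0.0j]

def training_statistics(n_train=40, seed=1):
    """Statistics of n_train constructed training probes from Alice: the
    reference shape with a random common phase and seeded Gaussian tap noise."""
    rng = random.Random(seed)
    stats = []
    for _ in range(n_train):
        phase = cmath.exp(1j * rng.uniform(-math.pi, math.pi))
        probe = [x * phase + complex(rng.gauss(0, 0.05), rng.gauss(0, 0.05))
                 for x in ALICE_REF]
        stats.append(stat_l2(ALICE_REF, probe))
    return stats

def demo():
    """Train the threshold, then classify Alice's probe, Eve's probe and a probe
    for which no reference CIR exists."""
    thre = adaptive_threshold(training_statistics())
    return {"thre": thre,
            "alice": fp_decision(ALICE_NEW, ALICE_REF, thre),
            "eve": fp_decision(EVE, ALICE_REF, thre),
            "no_reference": fp_decision(EVE, None, thre)}

if __name__ == "__main__":
    print(demo())
```

Running it prints the learned threshold and the decisions 0 (Alice), 1 (Eve) and 2 (no reference). Lowering the percentile lowers Thre, which trades a higher false alarm rate for a lower miss rate, the balance the text describes; stat_l5 shows why CPP matters: a reference that is merely shifted by one tap scores badly under L1 but matches exactly after alignment.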

Referring again to FIG. 4, if the FP algorithm detects a possible attack (I(k)=1), such as a spoofing attack, and reports an alarm, Bob executes a security policy at 450. In some embodiments, Bob simply discards the signal without performing higher layer processing. Alternatively, Bob performs higher layer processing to further evaluate the authenticity of the received signal. If the signal also fails the higher layer processing, it is then discarded. For example, Bob may perform a one-way hash chain check to further evaluate the authenticity of the received signal.

FIG. 5 is a diagram of an example method of double-authentication using one-way hash chain based higher layer processing. In this embodiment, each signal Alice sends includes an element from a one-way hash chain. A one-way hash chain includes a sequence of elements based on a publicly known one-way hash function F(.), such that, using knowledge of X_(i), X_(j) may be computed for all j>i. In addition, it is computationally difficult to compute F(X_(k)) for any k<i.

Where the integer N denotes a predetermined number of signals, the one-way hash chain may be expressed as:

$X_{1} \rightarrow X_{2} = F(X_{1}) \rightarrow X_{3} = F(X_{2}) \rightarrow \cdots \rightarrow X_{N} = F(X_{N-1}). \qquad \text{Equation (2)}$

As shown in FIG. 5, Alice chooses a random seed X₁ and a value of N at 510. The value of N is based on Alice's estimate of the total number of probes she expects to transmit. Alice and Bob agree on the rate at which the signals will be sent at 515. For example, Alice estimates N and sends a message to Bob indicating N. Alternatively, Alice and Bob may agree on a value of N in a prior communication. Optionally, Alice's choice of N may be configured as a protocol parameter. It should be apparent that any method of agreeing on the value of N may be performed without exceeding the scope of the application.

Alice successively computes and stores N hash function values based on X₁ at 520. For example, the hash of X₁ may be expressed as X₂=F(X₁), and the hash of X₂ may be expressed as X₃=F(F(X₁)). Optionally, the one-way hash chain may be pre-computed and stored.

Alice transmits a series of N signals including her MAC address and the calculated hash values to Bob beginning at 530. For example, Alice includes the element X_(N) in the first signal A₁ at 530, the element X_(N−1) in the second signal A₂ at 540, and so on at 560-570. Thus the elements of the chain are revealed in reverse order. Bob receives the first signal A₁ and the second signal A₂ and validates them at 532, 542 using the FP method.

Eve attempts to spoof Alice by sending a signal E₁ including Alice's MAC address to Bob at 545. Anyone receiving the signals may compute the hash of the element contained in a signal using the publicly known function F(.) to verify that it equals the element contained in the previous signal, thereby being confident that the signal was sent by the same entity that transmitted the previous signal. Moreover, since the hash function F(.) is one-way, knowledge of the hash elements contained in signals received up to t=t₀ cannot be used to predict the hash elements contained in later received signals, such as signals arriving at t>t₀. Therefore, Bob receives Eve's signal E₁, computes the hash value, determines that the CIR and hash values do not match, and rejects Eve's spoofing attempt at 547.

Alice transmits a third signal A₃ containing the one-way hash chain element X_(N−2) at 550. However, Bob does not receive the third signal. Alice transmits a fourth signal A₄, containing the one-way hash chain element X_(N−3), at 560. Bob receives the fourth signal A₄ and recognizes that a signal has been missed at 562.

If a signal is lost, the legitimacy of the next received signal may be ascertained by recursively computing the hash of the element in the latest received signal. Thus, at 564, Bob determines the number of missed signals, m, based on the rate at which he and Alice have agreed to send signals on the channel. Bob computes the hash F(F(F . . . F(X_(n)))) . . . ), where X_(n) is the hash element in the latest signal and the hash function is applied m times, at 566. Bob compares the new hash value with the hash value contained in the previous correctly received signal A₂, and validates the signal A₄ at 568.

Authentication based on one-way hash chains does not depend upon the wireless channel and does not reveal any part of any secret keys derived between Alice and Bob. For example, if Alice and Bob derive secret encryption keys based on common randomness of a wireless channel, these keys are not publicly revealed during one-way hash chain authentication and are preserved for use during encryption. Since the number of signals that need to be exchanged in order to extract a key of a certain length may be conservatively upper bounded by a constant number N, a constant amount of memory is used to store the one-way hash chain.

Optionally, to protect against a simple substitution attack, wherein Eve reads the hash element from a signal and uses those numbers to spoof a signal, a Message Authentication Code of each signal, covering the preamble bits, the hash element disclosed, and a sequence number, may be attached at the end of the signal. The Message Authentication Code is computed using the next hash element to be revealed in the next signal as a key.
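The FIG. 5 exchange, the missed-signal recovery of steps 562-568 and the per-signal Message Authentication Code just described, as an added Python example (not the patent's code). F is SHA-256 and the MAC is HMAC-SHA256, both assumed choices; the seed, N, preamble bytes and sequence numbers are constructed. Because a signal's MAC is keyed with the element that only the next signal reveals, Bob can check it only when that next signal arrives, so the verifier returns a deferred verdict on the previous signal; across a gap in sequence numbers it applies F once per skipped position and recovers the missing key the same way.

```python
import hashlib
import hmac

def F(x):
    """The publicly known one-way function F(.); SHA-256 here (an assumed choice)."""
    return hashlib.sha256(x).digest()

def apply_f(x, times):
    """F applied 'times' times: F(F(...F(x)))."""
    for _ in range(times):
        x = F(x)
    return x

def build_chain(seed, n):
    """Equation (2): X_1 = seed, X_{i+1} = F(X_i); returns [X_1, ..., X_N]."""
    chain = [seed]
    for _ in range(n - 1):
        chain.append(F(chain[-1]))
    return chain

def mac_tag(key, preamble, element, seq):
    """MAC over the preamble bits, the disclosed element and the sequence number,
    keyed with the element the next signal will reveal (HMAC-SHA256 assumed)."""
    return hmac.new(key, preamble + element + seq.to_bytes(4, "big"),
                    hashlib.sha256).digest()

class AliceSender:
    """Discloses X_N, X_{N-1}, ... in successive signals (reverse chain order)."""

    def __init__(self, seed, n, preamble=b"\xaa\x55"):
        self.chain = build_chain(seed, n)
        self.n, self.preamble, self.seq = n, preamble, 0

    def next_signal(self):
        self.seq += 1
        idx = self.n - self.seq                # list index of X_{N-seq+1}
        if idx < 1:
            raise ValueError("chain exhausted; cascade a second chain")
        element, key = self.chain[idx], self.chain[idx - 1]
        return {"preamble": self.preamble, "element": element, "seq": self.seq,
                "tag": mac_tag(key, self.preamble, element, self.seq)}

class BobVerifier:
    """Validates the chain across lost signals and verifies each signal's MAC
    once the following signal reveals its key."""

    def __init__(self):
        self.last = None                       # last accepted signal

    def receive(self, sig):
        """Returns (accepted, prior_mac_ok); prior_mac_ok is the deferred MAC
        verdict on the previously accepted signal (None if there was none)."""
        if self.last is None:
            # The first signal anchors the chain with X_N; in the patent's design
            # its origin is vouched for by the channel-based (FP) check.
            self.last = sig
            return True, None
        gap = sig["seq"] - self.last["seq"]    # missed signals m, plus one
        if gap < 1:
            return False, None                 # replay or out-of-order
        # Hash the new element once per step; it must reach the last accepted one.
        if apply_f(sig["element"], gap) != self.last["element"]:
            return False, None
        # The previous signal's MAC key is F^{gap-1}(element), recoverable even
        # when the signal that carried it (e.g. A3) was lost.
        key = apply_f(sig["element"], gap - 1)
        expected = mac_tag(key, self.last["preamble"], self.last["element"], self.last["seq"])
        prior_ok = hmac.compare_digest(expected, self.last["tag"])
        self.last = sig
        return True, prior_ok

def fig5_scenario(seed=b"constructed seed X1", n=8):
    """A1, A2 accepted; Eve's E1 rejected; A3 lost; A4 validated across the gap."""
    alice, bob = AliceSender(seed, n), BobVerifier()
    a1, a2, a3, a4 = (alice.next_signal() for _ in range(4))
    e1 = {"preamble": alice.preamble, "element": F(b"eve cannot invert F"),
          "seq": 3, "tag": bytes(32)}
    return [bob.receive(a1), bob.receive(a2), bob.receive(e1), bob.receive(a4)]

if __name__ == "__main__":
    print(fig5_scenario())
```

A substitution of the kind the text describes (a copied element placed in a modified signal) passes the chain check at the time it arrives, because the element really is the next one in the chain; it is the deferred MAC check on the following signal that exposes it, which is why the verifier reports that verdict separately.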

In some embodiments, the one-way hash chain is extended to protect further signals by cascading a second one-way hash chain after the first. Elements from the start of the second chain are included with elements from the end of the first chain. This effectively authenticates the start of the second chain before the first chain has ended.

It should be apparent that the combination of channel-based and one-way chain based data-origin consistency may be used in a number of ways, by attributing an appropriate amount of importance to the outcome of the hypothesis test computed for each received probe. For example, one-way chain authentication or channel-based authentication may be performed for a subset of the messages.

Regardless of the higher layer processing method used, the result may be denoted I₂(k)=0 if Alice is authenticated, and I₂(k)=1 if a possible attack is detected. Thus, the overall authentication determination, I_(a)(k), may be expressed as:

$\begin{matrix}{{I_{a}(k)} = \left\{ \begin{matrix}{1,} & {{{if}\mspace{14mu} {I(k)}} = 1} \\{{I_{2}(k)},} & {else}\end{matrix} \right.} & {{Equation}\mspace{14mu} (3)}\end{matrix}$

Where H₁(k) is the CIR derived from a signal received at time k, H₀(k) may be expressed as:

$\begin{matrix}{{H_{0}(k)} = \left\{ {\begin{matrix}{{H_{1}\left( {k - 1} \right)},} & {{{if}\mspace{14mu} {I_{a}\left( {k - 1} \right)}} = 0} \\{{H_{0}\left( {k - 1} \right)},} & {{{else}\mspace{14mu} {if}\mspace{14mu} {Timer}\mspace{14mu} {of}\mspace{14mu} {H_{0}\left( {k - 1} \right)}} \leq N_{T}} \\{{NA},} & {o.w.}\end{matrix}.} \right.} & {{Equation}\mspace{14mu} (4)}\end{matrix}$

Where Bob has a reliable reference channel response, resulting from a message sent by Alice for which the timer has not expired, the source of the CIR vector H may be designated S(H). For example, S(H₀(k))=Alice and I(k)<2. The false alarm rate, P_(fa), and miss rate, P_(m), may be denoted as:

$P_{fa} = P\{I(k) = 1 \mid S(H_{1}(k)) = S(H_{0}(k))\}$

$P_{m} = P\{I(k) = 0 \mid S(H_{1}(k)) \neq S(H_{0}(k))\}. \qquad \text{Equation (5)}$

Where Bob does not have a reliable reference channel response, the false alarm rate, P_(FA), and miss rate, P_(M), may be denoted as:

$P_{FA} = P\{I(k) = 1 \mid S(H_{1}(k)) = \text{Alice}\}$

$P_{M} = P\{I(k) \neq 1 \mid S(H_{1}(k)) = \text{Eve}\}. \qquad \text{Equation (6)}$

Where P_(fa2) and P_(m2) denote the false alarm rate and the miss rate of the higher layer processing respectively, the overall miss rate, P_(MA), and the overall false alarm rate, P_(FAA), may be denoted as:

$P_{MA} = P_{M} P_{m2}$

$P_{FAA} = P_{FA} + (1 - P_{FA}) P_{fa2}. \qquad \text{Equation (7)}$

The performance of the overall false alarm rate depends more on P_(FA) and P_(M) than on P_(fa) and P_(m); however, the evaluation of P_(FA) and P_(M) takes more effort due to the dependence on the timer limit, N_(T), the higher layer processing, and the transmission pattern of both Alice and Eve. For example, if Eve sends spoofing messages more frequently, both P_(FA) and P_(M) increase, even though everything else, including P_(fa) and P_(m), remains relatively constant. Since generalized closed-form expressions of P_(FA) and P_(M) are hard to obtain, they may be bounded as functions of P_(fa) and P_(m), which are much easier to evaluate.

For example, if Bob receives one signal from either Alice, with probability P_(a), or Eve, with probability P_(e), every time unit, and the source of the message is time independent, the identically distributed signals may be expressed as:

$\begin{matrix}{P = \left\{ {\begin{matrix}{P_{a},} & {{S\left( {H_{1}(k)} \right)} = {Alice}} \\{{1 - P_{a}},} & {{S\left( {H_{1}(k)} \right)} = {Eve}}\end{matrix}.} \right.} & {{Equation}\mspace{14mu} (8)}\end{matrix}$

Where the CIR timer N_(T) is less than the channel coherence time, and the correlation of any two CIR vectors of the same channel is constant within the channel coherence time, the lower bound of the overall false alarm rate and miss rate of the FP method may be expressed as:

$P_{FA} = P_{fa} - P_{fa}\left(1 - P_{a} + P_{a} P_{FA}\right)^{N_{T}}$

$P_{M} = P_{m} + (1 - P_{m})\left(1 - P_{a}(1 - P_{FA})\right)^{N_{T}}. \qquad \text{Equation (9)}$

FIG. 6 shows a block diagram of an example of a method of authentication for secure wireless communication with re-authentication. Alice sends a first signal A₁ to Bob at 610. Bob receives the signal A₁ and authenticates it using higher layer processing at 612. Bob stores Alice's CIR reference data, including a timer T₁, at 614.

Alice sends a second signal A₂ to Bob at 620. Bob receives the signal A₂, generates a CIR measurement based on the received signal, locates the stored CIR reference data, performs the FP method, and authenticates Alice at 622.

Eve attempts to gain illegitimate access using a spoofed signal E₁ including Alice's MAC address at 630. Bob receives Eve's signal E₁, generates a CIR measurement based on the received signal, locates the stored CIR reference data, and detects the spoofed signal at 632.

The timer T₁ expires at 640. Alice sends a third signal A₃ to Bob at 650. Bob receives the signal A₃, generates a CIR measurement based on the received signal, looks for, but does not locate, stored CIR reference data, authenticates the signal A₃ using higher layer processing, and stores Alice's CIR reference data, including a timer T₂, at 652. For example, Bob may authenticate the signal A₃ using the one-way hash chain method described in reference to FIG. 6.

Eve attempts to gain illegitimate access using a spoofed signal E₂ including Alice's MAC address at 660. Bob receives Eve's signal E₂, generates a CIR measurement based on the received signal, locates the stored CIR reference data, and detects the spoofed signal at 662.
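The reference table of Equations (3) and (4), including the CIR record timer N_(T) described with FIG. 4, replaying the FIG. 6 re-authentication sequence above, as an added Python example (not the patent's code). The threshold 0.2, N_(T) = 3, the MAC address, the CIR vectors and the simple distance statistic are constructed; the higher-layer verdict I₂(k) is passed in as an input rather than computed here.

```python
from dataclasses import dataclass

def distance_stat(h0, h1):
    """Simple test statistic: ||H1 - H0||^2 divided by the smaller of the two
    powers (no phase compensation; stands in for a Table 1 statistic)."""
    diff = sum(abs(b - a) ** 2 for a, b in zip(h0, h1))
    return diff / min(sum(abs(x) ** 2 for x in h0), sum(abs(x) ** 2 for x in h1))

@dataclass
class Reference:
    """Reference CIR H0 recorded for one MAC address, plus its age in time units."""
    cir: list
    timer: int = 0

class DoubleAuthenticator:
    """Bob's side: the CIR reference table with timers, the FP decision I(k),
    and the combined verdict I_a(k)."""

    def __init__(self, thre, n_t):
        self.thre = thre        # test threshold Thre (fixed, assumed empirical)
        self.n_t = n_t          # maximum record lifetime N_T
        self.table = {}         # MAC address -> Reference

    def advance(self, units=1):
        """Let time pass: age every record and drop those whose timer exceeds N_T
        (the 'NA' branch of Equation (4))."""
        for mac in list(self.table):
            self.table[mac].timer += units
            if self.table[mac].timer > self.n_t:
                del self.table[mac]

    def receive(self, mac, h1, i2):
        """Process one received signal with CIR h1 claiming address mac.
        i2 is the higher-layer result I_2(k) (0 = authenticated, 1 = attack),
        supplied by e.g. a hash-chain check. Returns (I(k), I_a(k))."""
        ref = self.table.get(mac)
        if ref is None:                                  # Equation (1): no H0(k)
            i = 2
        else:
            i = 0 if distance_stat(ref.cir, h1) < self.thre else 1
        i_a = 1 if i == 1 else i2                        # Equation (3)
        if i_a == 0:                                     # Equation (4): H0 <- H1(k)
            self.table[mac] = Reference(list(h1), 0)     # new record, timer reset
        # otherwise the previous record is kept while its timer is <= N_T
        return i, i_a

# Constructed values (not from the patent).
ALICE_MAC = "00:11:22:33:44:55"
ALICE_REF = [1.0 + 0.0j, 0.6 - 0.2j, 0.3 + 0.1j, 0.0 + 0.1j, 0.05 + 0.0j]
EVE_CIR = [0.2 + 0.0j, 0.9 + 0.3j, 0.0 - 0.4j, 0.7 + 0.0j, 0.1 + 0.0j]

def alice_probe(noise):
    """Alice's channel shape plus a small per-tap perturbation."""
    return [x + n for x, n in zip(ALICE_REF, noise)]

def fig6_scenario(n_t=3):
    """Replay the FIG. 6 sequence; returns [(label, I(k), I_a(k)), ...]."""
    bob = DoubleAuthenticator(thre=0.2, n_t=n_t)
    log = []
    # 610-614: A1 finds no reference, is authenticated by the higher layer, CIR stored with timer T1
    log.append(("A1",) + bob.receive(ALICE_MAC, alice_probe([0.02, -0.01j, 0.01, 0.0, 0.01j]), i2=0))
    bob.advance()
    # 620-622: A2 matches the stored reference, so the FP method accepts it
    log.append(("A2",) + bob.receive(ALICE_MAC, alice_probe([-0.01, 0.02j, 0.0, 0.01, 0.0]), i2=0))
    bob.advance()
    # 630-632: E1 carries Alice's MAC but a different channel; FP alarm, higher layer not consulted
    log.append(("E1",) + bob.receive(ALICE_MAC, EVE_CIR, i2=1))
    # 640: timer T1 expires
    bob.advance(n_t + 1)
    # 650-652: A3 finds no reference; the higher layer authenticates it, CIR stored with timer T2
    log.append(("A3",) + bob.receive(ALICE_MAC, alice_probe([0.0, 0.01, -0.02j, 0.01j, 0.0]), i2=0))
    bob.advance()
    # 660-662: E2 is detected against the fresh reference
    log.append(("E2",) + bob.receive(ALICE_MAC, EVE_CIR, i2=1))
    return log

if __name__ == "__main__":
    for entry in fig6_scenario():
        print(entry)
```

Note the two asymmetries Equations (3) and (4) build in: an FP alarm is final, so a passing higher-layer result cannot rescue a signal whose CIR does not match, and only an accepted signal refreshes the reference, so a rejected one neither overwrites H₀ nor resets its timer.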

Although features and elements are described above in particular combinations, each feature or element can be used alone without the other features and elements or in various combinations with or without other features and elements. The methods or flow charts provided herein may be implemented in a computer program, software, or firmware incorporated in a computer-readable storage medium for execution by a general purpose computer or a processor. Examples of computer-readable storage mediums include a read only memory (ROM), a random access memory (RAM), a register, cache memory, semiconductor memory devices, magnetic media such as internal hard disks and removable disks, magneto-optical media, and optical media such as CD-ROM disks, and digital versatile disks (DVDs).

Suitable processors include, by way of example, a general purpose processor, a special purpose processor, a conventional processor, a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Field Programmable Gate Arrays (FPGAs) circuits, any other type of integrated circuit (IC), and/or a state machine.

A processor in association with software may be used to implement a radio frequency transceiver for use in a wireless transmit receive unit (WTRU), user equipment (UE), terminal, base station, Mobility Management Entity (MME) or Evolved Packet Core (EPC), or any host computer. The WTRU may be used in conjunction with modules, implemented in hardware and/or software, including a Software Defined Radio (SDR), and other components such as a camera, a video camera module, a videophone, a speakerphone, a vibration device, a speaker, a microphone, a television transceiver, a hands free headset, a keyboard, a Bluetooth® module, a frequency modulated (FM) radio unit, a Near Field Communication (NFC) Module, a liquid crystal display (LCD) display unit, an organic light-emitting diode (OLED) display unit, a digital music player, a media player, a video game player module, an Internet browser, and/or any Wireless Local Area Network (WLAN) or Ultra Wide Band (UWB) module.

Embodiments

-   1. A method for use in wireless communication, the method comprising:
-   receiving a signal from a wireless transmit/receive unit (WTRU); and authenticating the received signal.
-   2. A method as in any one of the preceding embodiments wherein the authenticating includes double-authentication.
-   3. A method as in any one of the preceding embodiments wherein the authenticating includes physically authenticating the received signal.
-   4. A method as in any one of the preceding embodiments wherein the authenticating includes higher layer processing the received signal.
-   5. A method as in any one of the preceding embodiments wherein the physically authenticating includes fingerprints in the ether (FP) authenticating the signal.
-   6. A method as in any one of the preceding embodiments wherein the physically authenticating includes determining whether a predetermined physical attribute is available based on data included in the signal.
-   7. A method as in any one of the preceding embodiments wherein the physically authenticating includes determining whether a physical attribute of the received signal matches a predetermined physical attribute associated with data included in the received signal.
-   8. A method as in any one of the preceding embodiments wherein the physically authenticating includes evaluating a channel impulse response (CIR) measurement of the received signal.
-   9. A method as in any one of the preceding embodiments wherein the evaluating a CIR measurement includes comparing a shape of a CIR measurement of the received signal with a shape of a predetermined CIR measurement associated with data included in the received signal.
-   10. A method as in any one of the preceding embodiments wherein the authenticating the received signal includes storing a physical attribute of the received signal in association with data included in the received signal.
-   11. A method as in any one of the preceding embodiments wherein the storing a physical attribute includes storing a timer.
-   12. A method as in any one of the preceding embodiments wherein the physically authenticating includes ignoring information associated with an expired timer.
-   13. A method as in any one of the preceding embodiments further comprising:
-   executing a security policy in response to an authentication failure.
-   14. A method as in any one of the preceding embodiments wherein the physically authenticating includes hypothesis testing.
-   15. A method as in any one of the preceding embodiments wherein the hypothesis testing includes calculating a hypothesis result using a test statistic function.
-   16. A method as in any one of the preceding embodiments wherein the hypothesis testing includes comparing the hypothesis result with a threshold.
-   17. A method as in any one of the preceding embodiments wherein the hypothesis testing includes adaptively determining the threshold.
-   18. A method as in any one of the preceding embodiments wherein the adaptively determining includes receiving a signal indicating a threshold from the WTRU.
-   19. A method as in any one of the preceding embodiments wherein the higher layer processing includes purely cryptographic validation.
-   20. A method as in any one of the preceding embodiments wherein the higher layer processing includes one-way hash chain authentication.
-   21. A method as in any one of the preceding embodiments wherein the one-way hash chain authentication includes extracting a Message Authentication Code from each signal in a plurality of signals.
-   22. A method as in any one of the preceding embodiments wherein the message authentication code includes a preamble bit.
-   23. A method as in any one of the preceding embodiments wherein the message authentication code includes a one-way hash chain element.
-   24. A method as in any one of the preceding embodiments wherein the message authentication code includes a sequence number.
-   25. A method as in any one of the preceding embodiments wherein the receiving a signal includes receiving a plurality of signals.
-   26. A method as in any one of the preceding embodiments wherein each signal in the plurality of received signals includes an element of a one-way hash chain.
-   27. A method as in any one of the preceding embodiments wherein the higher layer processing includes determining whether a hash value of a first one-way hash chain element in a first signal in the plurality of signals matches a second one-way hash chain element in a second signal in the plurality of signals.
-   28. A method as in any one of the preceding embodiments further comprising: receiving a signal indicating a signal count for the plurality of signals.
-   29. A method as in any one of the preceding embodiments further comprising: receiving a signal indicating a transmission rate for the plurality of signals.
-   30. A method as in any one of the preceding embodiments wherein the determining includes recursively computing a missing hash value using the first one-way hash chain element and the second one-way hash chain element.
-   31. A method as in any one of the preceding embodiments wherein the higher layer processing includes determining whether a hash value of a third one-way hash chain element in a third signal in the plurality of signals matches a fourth one-way hash chain element in the second signal in the plurality of signals.
-   32. A method as in any one of the preceding embodiments further comprising: performing secure wireless communication with the WTRU.
-   33. A method as in any one of the preceding embodiments wherein the authenticating includes channel-based validation.
-   34. A method as in any one of the preceding embodiments wherein the authenticating includes rejecting a spoofing attack.
-   35. A method as in any one of the preceding embodiments wherein the signal includes information that indicates an identity of the WTRU.
-   36. A method as in any one of the preceding embodiments wherein the test statistic function represents a generalized likelihood ratio test.
-   37. A method as in any one of the preceding embodiments wherein the likelihood ratio test is based on a time-invariant channel model.
-   38. A method as in any one of the preceding embodiments wherein the test statistic function depends on a channel model.
-   39. A method as in any one of the preceding embodiments wherein the test statistic function includes processing CIR data in the time domain.
-   40. A method as in any one of the preceding embodiments wherein the test statistic function includes processing a channel frequency response.
-   41. A method as in any one of the preceding embodiments wherein the test statistic function includes using a complex scalar to counteract phase drift.
-   42.
A method as in any one of the preceding embodiments wherein    measuring a CIR includes performing CIR post-processing.-   43. A method as in any one of the preceding embodiments wherein the    CIR post-processing includes aligning the CIR measurement.-   44. A method as in any one of the preceding embodiments wherein the    CIR post-processing includes CIR shape pruning-   45. A method as in any one of the preceding embodiments wherein the    CIR post-processing includes up sampling.-   46. A method as in any one of the preceding embodiments wherein the    CIR post-processing includes normalization of power.-   47. A method as in any one of the preceding embodiments wherein the    threshold is pre-assigned.-   48. A method as in any one of the preceding embodiments wherein the    threshold is based on empirical data.-   49. A method as in any one of the preceding embodiments wherein the    threshold is adaptively assigned.-   50. A method as in any one of the preceding embodiments wherein the    adaptively assigning includes receiving a training message from the    WTRU.-   51. A method as in any one of the preceding embodiments wherein the    receiving a training message includes determining a range of test    statistics.-   52. A wireless transmit/receive unit (WTRU) configured to perform at    least part of any one of the preceding embodiments.-   53. A base station configured to perform at least part of any one of    the preceding embodiments.-   54. An integrated circuit configured to perform at least part of any    one of the preceding embodiments.
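As an added illustration of the one-way hash chain validation described in embodiments 20 to 31 (example code written for this page, not code from the application or from any implementation it describes), the block below builds a chain, packs each signal's chain element with a preamble bit and sequence number, and has the receiver check that hashing a received element reproduces the last accepted one, recursively re-hashing when intermediate signals were lost. SHA-256 as the one-way function, the `Mac` field layout and the `max_gap` bound are assumptions of this example.

```python
import hashlib
from dataclasses import dataclass
from typing import List


def H(x: bytes) -> bytes:
    """One-way function for the chain (SHA-256 is a constructed choice)."""
    return hashlib.sha256(x).digest()


def build_chain(seed: bytes, length: int) -> List[bytes]:
    """Return [h_0, ..., h_length] with h_i = H(h_{i+1}) and h_length = seed.
    h_0 is the anchor delivered through the higher-layer authenticated setup;
    later elements are revealed one per signal, in increasing order."""
    chain = [seed]
    for _ in range(length):
        chain.append(H(chain[-1]))
    chain.reverse()          # chain[0] = H^length(seed) = anchor, chain[length] = seed
    return chain


@dataclass
class Mac:
    """Fields extracted from each signal (embodiments 21 to 24): a preamble bit,
    a one-way hash chain element and a sequence number."""
    preamble: int
    seq: int
    element: bytes


class ChainVerifier:
    """Receiver state: the last accepted chain element and its sequence number."""

    def __init__(self, anchor: bytes, max_gap: int = 8):
        self.last_element = anchor
        self.last_seq = 0
        self.max_gap = max_gap   # bound on tolerated missing signals (assumption)

    def verify(self, mac: Mac) -> bool:
        gap = mac.seq - self.last_seq
        if mac.preamble != 1 or gap <= 0 or gap > self.max_gap:
            return False         # replayed, out of order, or too far ahead
        # Hash the received element `gap` times.  gap == 1 is the direct check
        # of embodiment 27; gap > 1 recursively recomputes the missing values
        # of embodiment 30 from the received element alone.
        value = mac.element
        for _ in range(gap):
            value = H(value)
        if value != self.last_element:
            return False
        self.last_element = mac.element
        self.last_seq = mac.seq
        return True


def sender_macs(chain: List[bytes], seqs) -> List[Mac]:
    """Sender side: the MAC for signal number `seq` carries chain[seq]."""
    return [Mac(preamble=1, seq=s, element=chain[s]) for s in seqs]


def demo():
    """Constructed scenario: signal 2 is lost, 1, 3 and 4 arrive; a replay of
    signal 3 and a forged element for signal 5 must both be rejected."""
    chain = build_chain(b"constructed seed, not from the page", 10)
    rx = ChainVerifier(anchor=chain[0])
    accepted = [rx.verify(m) for m in sender_macs(chain, [1, 3, 4])]
    replay = rx.verify(Mac(1, 3, chain[3]))
    forged = rx.verify(Mac(1, 5, H(b"guess")))
    return accepted, replay, forged
```

The signal count of embodiment 28 fixes the chain length the sender must precompute, and the transmission rate of embodiment 29 lets the receiver bound how many sequence numbers may legitimately elapse between two received signals, which is what `max_gap` stands in for here.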

What is claimed:
1. A method for use in authenticating wireless communications from a wireless unit, the method comprising: receiving a signal from the wireless unit; determining a channel impulse response (CIR) of the signal; storing the CIR as a temporary CIR; performing higher layer authentication of the wireless unit using data received in the received signal; and upon successful higher layer authentication using the data received in the received signal, computing a CIR template using the stored temporary CIR.
2. The method of claim 1, further comprising, in subsequent communications: receiving a signal from the wireless unit and determining a corresponding CIR for the signal; and using the CIR template and corresponding CIR to authenticate the wireless unit.
3. The method of claim 2, wherein after successfully authenticating the wireless unit, the CIR template and the corresponding CIR are processed to compute a new CIR template.
4. The method of claim 2, wherein a test statistic function is calculated to evaluate the similarity between the corresponding CIR and the CIR template.
5. The method of claim 4, wherein the test statistic function is compared with a test threshold to authenticate the wireless unit.
6. The method of claim 4, wherein the test statistic function is a correlation coefficient.
7. The method of claim 1, wherein the higher layer authentication of the wireless unit is performed using cryptographic means.
8. The method of claim 1, wherein the higher layer authentication of the wireless unit includes validating the received signal using a one-way hash chain value in the received signal.
9. The method of claim 1, further comprising re-performing higher layer authentication of the wireless unit when a timer expires, a certain number of CIR samples have been received, or the result of a test statistic indicates an unacceptable false alarm probability or miss rate.
10. The method of claim 1, wherein the CIR template is updated based on the corresponding CIR and higher layer information validating the received signal as being from the wireless unit.
11. The method of claim 1, wherein the wireless unit is a wireless transmit/receive unit (WTRU).
12. A device comprising: a receiver configured to receive a signal from a wireless unit and a processor configured to authenticate the received signal by: receiving a signal from the wireless unit; determining a channel impulse response (CIR) of the signal; storing the CIR as a temporary CIR; performing higher layer authentication of the wireless unit using data received in the received signal; and upon successful higher layer authentication using the data received in the received signal, computing a CIR template using the stored temporary CIR.
13. The device of claim 12, further comprising, in subsequent communications: receiving a signal from the wireless unit and determining a corresponding CIR for the signal; and using the CIR template and corresponding CIR to authenticate the wireless unit.
14. The device of claim 13, wherein after successfully authenticating the wireless unit, the CIR template and the corresponding CIR are processed to compute a new CIR template.
15. The device of claim 13, wherein a test statistic function is calculated to evaluate the similarity between the corresponding CIR and the CIR template.
16. The device of claim 15, wherein the test statistic function is compared with a test threshold to authenticate the wireless unit.
17. The device of claim 12, wherein the higher layer authentication of the wireless unit is performed using cryptographic means.
18. The device of claim 12, wherein the higher layer authentication of the wireless unit includes validating the received signal using a one-way hash chain value in the received signal.
19. The device of claim 12, further comprising re-performing higher layer authentication of the wireless unit when a timer expires, a certain number of CIR samples have been received, or the result of a test statistic indicates an unacceptable false alarm probability or miss rate.
20. The device of claim 12, wherein the CIR template is updated based on the corresponding CIR and higher layer information validating the received signal as being from the wireless unit.
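The receiver-side flow of claims 1 to 6 and 10, with the CIR post-processing of embodiments 41 to 46 and the training-based threshold of embodiments 50 and 51, as an added worked example (written for this page; it is not code from the application or from any product implementing it). A CIR is modelled as a short list of complex taps. The template is only created once higher-layer authentication of the bootstrap signal has succeeded; later signals are compared with it using a correlation coefficient, and an accepted CIR is folded into a new template after a unit complex scalar removes its phase drift. Peak-tap alignment, the pruning floor, the 0.9 threshold, the update weight and the sample channels are all assumptions of this example.

```python
import cmath
import math

# A CIR is a list of complex taps; all sample CIRs below are constructed data.


def normalize_power(cir):
    """Scale the CIR to unit total power (embodiment 46)."""
    p = math.sqrt(sum(abs(h) ** 2 for h in cir))
    return [h / p for h in cir] if p > 0 else list(cir)


def align(cir):
    """Rotate the taps so the strongest one sits at index 0: one simple way to
    do the alignment of embodiment 43 (an assumption, not the page's method)."""
    k = max(range(len(cir)), key=lambda i: abs(cir[i]))
    return cir[k:] + cir[:k]


def prune(cir, floor=0.02):
    """Shape pruning (embodiment 44): zero taps below `floor` times peak power."""
    peak = max(abs(h) ** 2 for h in cir)
    return [h if abs(h) ** 2 >= floor * peak else 0j for h in cir]


def preprocess(cir):
    return normalize_power(prune(align(cir)))


def inner(a, b):
    return sum(x * y.conjugate() for x, y in zip(a, b))


def correlation_coefficient(a, b):
    """Test statistic of claim 6: |<a,b>| / (||a|| ||b||).  Taking the
    magnitude makes it insensitive to a common phase offset between a and b."""
    return abs(inner(a, b)) / (math.sqrt(abs(inner(a, a))) * math.sqrt(abs(inner(b, b))))


def phase_correct(cir, template):
    """Multiply by a unit complex scalar so the CIR is phase-aligned with the
    template (embodiment 41) before the two are averaged into a new template."""
    z = inner(template, cir)
    return [h * (z / abs(z)) for h in cir] if abs(z) > 0 else list(cir)


class CirAuthenticator:
    """Claims 1 to 6 and 10: bootstrap a template after higher-layer
    authentication, then authenticate later signals against it."""

    def __init__(self, threshold=0.9, alpha=0.2):
        self.threshold = threshold   # pre-assigned threshold (embodiment 47)
        self.alpha = alpha           # template update weight (assumption)
        self.template = None
        self.temporary = None

    def on_bootstrap_signal(self, cir, higher_layer_ok):
        """Claim 1: the CIR is held as a temporary CIR and becomes the template
        only if higher-layer (cryptographic) authentication succeeded."""
        self.temporary = preprocess(cir)
        if higher_layer_ok:
            self.template = self.temporary
        return higher_layer_ok

    def authenticate(self, cir):
        """Claims 2 to 5: compare a new CIR with the template; on success fold
        it into a new template (claim 3).  Returns (accepted, statistic)."""
        if self.template is None:
            return False, 0.0
        h = preprocess(cir)
        stat = correlation_coefficient(h, self.template)
        ok = stat >= self.threshold
        if ok:
            h = phase_correct(h, self.template)
            self.template = normalize_power(
                [(1 - self.alpha) * t + self.alpha * x for t, x in zip(self.template, h)])
        return ok, stat


def calibrate_threshold(template, training_cirs, margin=0.02):
    """Embodiments 50 and 51: set the threshold from the range of statistics
    seen on training messages already known to be legitimate."""
    stats = [correlation_coefficient(preprocess(c), template) for c in training_cirs]
    return min(stats) - margin


# Constructed 4-tap channels: Alice's channel, the same channel seen later with
# a global phase drift plus small noise, and a different channel (Eve).
ALICE_CIR = [1.0, 0.6 - 0.2j, 0.3j, 0.1]
ALICE_LATER = [(h + n) * cmath.exp(0.7j)
               for h, n in zip(ALICE_CIR, [0.03, -0.02j, 0.01, 0.02])]
EVE_CIR = [1.0, -0.8, 0.6j, -0.4]


def demo():
    auth = CirAuthenticator(threshold=0.9)
    auth.on_bootstrap_signal(ALICE_CIR, higher_layer_ok=True)
    ok_alice, s_alice = auth.authenticate(ALICE_LATER)
    ok_eve, s_eve = auth.authenticate(EVE_CIR)
    drift = correlation_coefficient(auth.template, preprocess(ALICE_CIR))
    return {"alice": ok_alice, "eve": ok_eve, "stat_alice": s_alice,
            "stat_eve": s_eve, "template_drift": drift}
```

The phase correction matters for the template update rather than for the test itself: the correlation coefficient already ignores a common phase, but averaging an un-rotated CIR into the template would partly cancel it. Claim 9's re-authentication triggers (timer, sample count, unacceptable error rates) would sit around `authenticate` as a policy that calls `on_bootstrap_signal` again with a fresh higher-layer result.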